alicloud-ecs
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the agent to execute arbitrary shell, batch, or PowerShell commands on managed Alibaba Cloud ECS instances via the `runCommand` and `invokeCommand` APIs. Documentation and examples for this functionality are found in `scripts/examples.ts` and `references/command.md`. While a core feature of cloud management, this represents a powerful capability that must be used with least-privilege principles.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
  - Ingestion points: The agent retrieves data from potentially untrusted sources via `describeInvocationResults` (which fetches command outputs from remote instances), `describeUserData`, and resource tags (`tag-resource.md`).
  - Boundary markers: The skill's code examples and documentation do not implement boundary markers or instructions to treat data retrieved from cloud instances as untrusted.
  - Capability inventory: The skill possesses high-risk capabilities including remote command execution (`runCommand`), arbitrary file writing to instances (`sendFile`), and security group rule manipulation (`security-group.md`).
  - Sanitization: No evidence of data sanitization or output escaping was found in the provided TypeScript examples (`scripts/examples.ts`), meaning content retrieved from a compromised or maliciously configured instance could influence the agent's logic.
Audit Metadata